Lavabit became a household name after former National Security Agency (NSA) contractor Edward Snowden made the public aware of the U.S. government’s mass spying programs.
At the time, the company’s founder shut Lavabit down in order to avoid giving federal prosecutors access to the system’s encryption key. Due to his decision to stand by his word, protecting his customers’ privacy against the government’s overreaching powers, he was hailed as a hero by many. But that cost him his business.
Years later, the company appears to be coming back. More private than ever.
According to TechDirt, the Lavabit team worked on a more secure email platform, launching the new system with an array of new privacy-enhancing features, including one that will obscure email metadata so that agencies such as the NSA or FBI won’t be able to trace communication, making officials unable to find out with whom Lavabit users are communicating.
It was the lack of this kind of security setting that caught the attention of officials prior to the closure of Lavabit in 2013. With this feature, the new Lavabit platform would be more resistant to government spying.
But the new system doesn’t only give users the peace of mind they are hoping to find by enhancing its overall security; it also protects the individual by further protecting the company from giving in under legal pressure. By closing the SSL “gap,” the company is now incapable of handing over any data that could identify users or individuals with whom they are communicating. And by locking the key in a hardware security module, Lavabit is able to generate long passphrases blindly, making the company or anyone working with the company unaware of the key’s location. But that’s not all. After generating the long passphrase, Lavabit then inserts it into a tamper-resistant device and destroys the passphrase.
In order to provide consumers with the level of privacy they are seeking, the company will provide two types of high-level privacy modes: Cautious and Paranoid. The basic, more compromisable level is simply known as Trustful, placing the security duties in the hands of the company.
Cautious mode offers end-to-end encryption, placing the encryption key on the user’s device, while Paranoid mode will require the user to move the key if he or she needs to use the service on a different device. By not allowing the encryption key to go to the Lavabit server, the company is unable to access the user’s communications, protecting them from the government.
While this type of service is necessary, it’s important to note that, over the years, the federal government has continued to fight for even greater access to a series of consumer technologies, at times demanding that companies like Apple create a “backdoor” to their devices.
Thankfully, more private entrepreneurs will continue to step up the game, providing free market solutions to problems only governments can create.